blob: f3069904f8420514507d361e86288692ffc1c2e1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
# Top-level access controls for projects on Baserock Gerrit.
# These can be overridden by a project's own project.config file. They are also
# overridden by the config of a project's parent repo, if it is set to something
# other than the default parent project 'All-Projects'.
# Useful references:
#
# https://gerrit-documentation.storage.googleapis.com/Documentation/2.11/access-control.html
# https://git.openstack.org/cgit/openstack-infra/system-config/tree/doc/source/gerrit.rst
# To deploy changes to this file, you need to manually commit it and push it to
# the 'refs/meta/config' ref of the All-Projects repo in Gerrit.
[project]
description = Access inherited by all other projects.
[receive]
requireContributorAgreement = false
requireSignedOffBy = false
requireChangeId = true
[submit]
mergeContent = true
action = rebase if necessary
[capability]
administrateServer = group Administrators
priority = batch group Non-Interactive Users
streamEvents = group Non-Interactive Users
createProject = group Mirroring Tools
# Everyone can read everything.
[access "refs/*"]
read = group Administrators
read = group Anonymous Users
# Developers can propose changes. All 'Registered Users' are 'Developers'.
[access "refs/for/refs/*"]
push = group Developers
pushMerge = group Developers
[access "refs/heads/*"]
forgeAuthor = group Developers
rebase = group Developers
label-Code-Review = -2..+2 group Mergers
submit = group Mergers
label-Code-Review = -1..+1 group Reviewers
# label-Verified = -1..+1 group Testers
create = group Administrators
forgeAuthor = group Administrators
forgeCommitter = group Administrators
push = group Administrators
create = group Project Owners
forgeAuthor = group Project Owners
forgeCommitter = group Project Owners
push = group Project Owners
create = group Mergers
forgeAuthor = group Mergers
push = +force group Mergers
create = group Mirroring Tools
forgeAuthor = group Mirroring Tools
forgeCommitter = group Mirroring Tools
push = +force group Mirroring Tools
# Nobody should be able to force push to 'master'. In particular, if Lorry
# can force-push master then it will do, in the course of mirroring from
# git.baserock.org, and this may undo merges that Gerrit just did and really
# confuse things.
[access "refs/heads/master"]
exclusiveGroupPermissions = push
push = block +force group Mergers
push = block +force group Mirroring Tools
[access "refs/tags/*"]
pushTag = group Release Team
pushSignedTag = group Release Team
pushTag = group Administrators
pushSignedTag = group Administrators
pushTag = group Project Owners
pushSignedTag = group Project Owners
create = group Mirroring Tools
forgeAuthor = group Mirroring Tools
forgeCommitter = group Mirroring Tools
push = +force group Mirroring Tools
pushTag = +force group Mirroring Tools
pushSignedTag = +force group Mirroring Tools
# Changing project configuration is allowed for Administrators only. (In theory
# anyone who owns a project can change its permissions, but right now all
# projects should be owned by the Administrators group).
[access "refs/meta/config"]
exclusiveGroupPermissions = read
read = group Administrators
push = group Administrators
read = group Project Owners
push = group Project Owners
[label "Code-Review"]
function = MaxWithBlock
copyMinScore = true
value = -2 Do not merge
value = -1 This patch needs further work before it can be merged
value = 0 No score
value = +1 Looks good to me, but someone else must approve
value = +2 Looks good to me, approved
# Disabled for now, because there is no automated test tool hooked up to our
# Gerrit yet.
#[label "Verified"]
# function = MaxWithBlock
# value = -1 Failed
# value = 0 No score
# value = +1 Verified
|